JConchie
Guest
Posted: Thu Nov 10, 2005 1:51 am
Post subject: What happens to my W2K domain controllers

Current setup:
Single W2k Domain, with three sites. 4 W2K DCs..two in main office site
(FSMO roles, DNS, DHCP and WINS) and one each (VPN linked) in the two remote
offices (running AD-integrated DNS)
Main Office also has Exchange 2000 running on an up-to-date W2k box (no
plans to upgrade Exchange) and two 2003 member servers running
apps/files/printers.
Clients in remote sites and a few in main office are on static IPs.....rest
of main office is on DHCP

The Change:
We are replacing both the W2k boxes in the remote sites with new 2003
boxes....which will necessitate....if we want to continue with DCs in both
sites, which we do....the local authentication and DNS is well worth
it.............upgrading the domain to Windows 2003.

The Plan:
1) The Exchange 2000 schema changes are already in place, so will run
inetorgpersonprevent.ldf as per KB314649
2) Run W2003 adprep /forestprep and /domainprep on one of the main office
2003 member servers.
3) Install and disable AD-integrated DNS and DHCP on one of the main office
2003 member servers.
4) Run dcpromo on one of the main office 2003 servers, when successful:
5) Run dcpromo on the other main office 2003 server
6) Install AD-integrated DNS on the two new boxes for the remote sites. Run
dcpromo on both.
7) Ship both new 2003 DCs to their respective sites and set them up.
8) Run dcpromo on all four old W2k DCs to demote them to member servers.
9) Shut down DNS and DHCP on W2K boxes and enable it on new 2003, pointing
new DHCP to new DNS server.
10) Point static IP boxes to new DNS.

The Questions, for the marbles:
1) Anything out of sequence in the plan? Any missing steps?
2) During the 4-5 day difference (setting both of them up here in the main
office and then shipping to remote sites) between promoting to a Windows 2003
domain and getting the remote DCs up and running, are there any problems that
we may run into leaving the four W2K DCs not yet demoted to member servers?
3) During that same delay, will the users in the remote offices continue to
authenticate logins to the local W2k server....or will they have to
authenticate over the LAN to one or the other of the new 2003 DCs in the main
office?
4) Anything at all else we are missing here?

Paul Bergson
Guest
Posted: Thu Nov 10, 2005 7:50 am
Post subject: Re: What happens to my W2K domain controllers

See inline
Hope this helps
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
"JConchie" <JConchie@discussions.microsoft.com> wrote in message
news:151FD619-0172-409B-8715-D44E61DCF49F@microsoft.com...
> Current setup:
> Single W2k Domain, with three sites. 4 W2K DCs..two in main office site
> (FSMO roles, DNS, DHCP and WINS) and one each (VPN linked) in the two remote
> offices (running AD-integrated DNS)
> Main Office also has Exchange 2000 running on an up-to-date W2k box (no
> plans to upgrade Exchange) and two 2003 member servers running
> apps/files/printers.
> Clients in remote sites and a few in main office are on static IPs.....rest
> of main office is on DHCP
>
> The Change:
> We are replacing both the W2k boxes in the remote sites with new 2003
> boxes....which will necessitate....if we want to continue with DCs in both
> sites, which we do....the local authentication and DNS is well worth
> it.............upgrading the domain to Windows 2003.
>
> The Plan:
> 1) The Exchange 2000 schema changes are already in place, so will run
> inetorgpersonprevent.ldf as per KB314649
> 2) Run W2003 adprep /forestprep and /domainprep on one of the main office
> 2003 member servers.
> 3) Install and disable AD-integrated DNS and DHCP on one of the main office
> 2003 member servers.

Install DNS and DHCP on a member server. Nothing to disable.

> 4) Run dcpromo on one of the main office 2003 servers, when successful:

Dcpromo the server that has the DNS installed on it. DNS will follow with
the upgrade to the DC.
Change the IP address of the new DHCP/DNS server to the same as the old and
modify the old one to a new value
Migrate the FSMO roles
http://support.microsoft.com/kb/324801
Transfer the DHCP database
http://support.microsoft.com/default.aspx?scid=kb;en-us;325473
Assign the global catalog server to one or more servers
http://support.microsoft.com/default.aspx?scid=kb;en-us;295419

> 5) Run dcpromo on the other main office 2003 server
> 6) Install AD-integrated DNS on the two new boxes for the remote sites.
> Run dcpromo on both.

Install the DNS service and dcpromo the servers.

> 7) Ship both new 2003 DCs to their respective sites and set them up.
> 8) Run dcpromo on all four old W2k DCs to demote them to member servers.

Demote local office; don't demote remote until they have been installed and
are replicating properly. Once you choose to demote old in remote, modify
the IP address of the new to match the old.

> 9) Shut down DNS and DHCP on W2K boxes and enable it on new 2003, pointing
> new DHCP to new DNS server.

Already done in other steps

> 10) Point static IP boxes to new DNS.

Not needed if you make the new server the old IP address as addressed
earlier

> The Questions, for the marbles:
> 1) Anything out of sequence in the plan? Any missing steps?

See inline comments

> 2) During the 4-5 day difference (setting both of them up here in the main
> office and then shipping to remote sites) between promoting to a Windows
> 2003 domain and getting the remote DCs up and running, are there any
> problems that we may run into leaving the four W2K DCs not yet demoted to
> member servers?

No, tombstoning has a 60 day lifetime

> 3) During that same delay, will the users in the remote offices continue
> to authenticate logins to the local W2k server....or will they have to
> authenticate over the LAN to one or the other of the new 2003 DCs in the
> main office?

Don't demote so soon

> 4) Anything at all else we are missing here?

Paul Bergson
Guest
Posted: Thu Nov 10, 2005 1:50 pm
Post subject: Re: What happens to my W2K domain controllers

Make sure you make the remote DCs GCs as well
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
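
A pre-demotion gate along the lines of the advice in this thread (do not demote an old DC until its replacement is replicating properly, the FSMO roles have been moved, and the site keeps a global catalog), as an added example that is not part of any post. The CSV is a constructed sample in the layout of `repadmin /showrepl * /csv`; the host names, site names, role labels and the `demotion_blockers` helper are assumptions made for illustration.

```python
import csv
import io

# Constructed sample laid out like `repadmin /showrepl * /csv` output.
# Host names, sites and timestamps are invented for this example.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Main,NEW-DC1,"DC=example,DC=local",Main,OLD-DC1,RPC,0,0,2005-11-14 09:02:11,0
showrepl_INFO,Main,NEW-DC1,"CN=Configuration,DC=example,DC=local",Main,OLD-DC1,RPC,0,0,2005-11-14 09:02:11,0
showrepl_INFO,RemoteA,NEW-DCA,"DC=example,DC=local",Main,NEW-DC1,RPC,3,2005-11-14 08:47:30,2005-11-13 22:15:02,1722
showrepl_INFO,RemoteA,NEW-DCA,"CN=Configuration,DC=example,DC=local",Main,NEW-DC1,RPC,0,0,2005-11-14 09:01:40,0
"""
# Constructed: role holders as read from `netdom query fsmo`, and GCs per site.
FSMO = {"Schema": "NEW-DC1", "Domain naming": "NEW-DC1", "PDC": "NEW-DC1",
        "RID": "NEW-DC1", "Infrastructure": "OLD-DC2"}
GCS = {"Main": {"OLD-DC1", "NEW-DC1"}, "RemoteA": {"OLD-DCA"}}


def inbound_links(csv_text, dc):
    """Rows of the report where `dc` is the replication destination."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows if r["Destination DSA"].upper() == dc.upper()]


def demotion_blockers(old_dc, new_dc, site, csv_text, fsmo, gcs):
    """Reasons not to demote old_dc yet; an empty list means the gate passes."""
    blockers = []
    links = inbound_links(csv_text, new_dc)
    if not links:
        blockers.append(f"{new_dc} has no inbound replication links")
    for r in links:
        # A link is unhealthy if it has failures or has never succeeded.
        if int(r["Number of Failures"]) > 0 or r["Last Success Time"] in ("", "0"):
            blockers.append(f"{new_dc} failing {r['Naming Context']} from "
                            f"{r['Source DSA']} (status {r['Last Failure Status']})")
    held = sorted(role for role, holder in fsmo.items() if holder == old_dc)
    if held:
        blockers.append(f"{old_dc} still holds FSMO roles: {', '.join(held)}")
    if not gcs.get(site, set()) - {old_dc}:
        blockers.append(f"site {site} has no global catalog besides {old_dc}")
    return blockers
```

With the constructed data, the main-office demotion of `OLD-DC1` passes, while `OLD-DCA` is blocked both by the failing inbound link on `NEW-DCA` and by the remote site having no other global catalog.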